'BrutPOS' malware steals credit card info from swipe machines

New Delhi: A new malware has been reported that steals credit information from the swipe machines. The malware has infected about 700 retail outlets and can cause further damage it the issue is not taken into concern by banks and merchants.

The Indian Computer Emergency Response Team (CERT-In) has issued a warning of the new malware which has been identified as BrutPoS.

CERT-In which works under the department of information technology said "It has been reported that malware variants targeting point-of-sale (POS) systems, dubbed ‘BrutPOS’, is speading.”

“BrutPOS mainly targets Windows-based system by leveraging web as the main infection vector apart from being downloaded by other malware families," it added.

Head of business development at SISA Information Security, Nitin Bhatnagar said “BrutPOS malware identifies the system that has weak username/passwords and tries to exploit them. These username-passwords combinations are typically default like admin-admin or admin-password."

"Although we can get an idea of the number of devices that are infected, we cannot identify the devices themselves. The malware is designed in such a manner that it does not have a label and is named identical to some of the Windows system files," he added.

POS devices based on internet protocol (IP traffic) gets affected by the new malware; card machines connected through phone lines will not be affected.